Why Your Biggest Cybersecurity Risk is Your Employee’s Smartphone
Your team’s mobile devices could be creating a weakness in your cybersecurity, so to stay safe from cyberattacks, you’ll need protocols to cover all handheld devices that connect to your business network.
“Forty-five percent of respondents saw mobile devices as the weak spot in their organisation’s defences,” according to a Tech Pro Research survey. If you consider how many mobile devices are on your premises and how many of them connect to the company WiFi, this could create many potential gaps in your cybersecurity. Executives need to somehow manage the proliferation of devices, while still protecting data, securing networks, and training staff to have a serious approach to security.
Fifty percent of all digital time is spent on smartphone apps, while 68% of time is spent on mobile devices, according to comScore.
Even though this may seem like an insurmountable challenge, it can be overcome. “Only twelve percent of businesses have been hit due to a mobile security breach,” according to the Tech Pro Research. There is still time for your cybersecurity team to improve the mobile security practices in your business. Your cybersecurity team will need to follow security best practices, protect corporate data, and educate your staff on security procedures.
DID YOU KNOW?
There was a flaw that left more than 900 million Android devices vulnerable to attacks. The code was published online, but Google has since patched Android.
It’s not just mobile devices that you need to keep an eye on. Binghamton University identified that wearable devices and smartwatches can give away PINs and passwords through an algorithm that has 80% accuracy on the first try and 90% after three attempts.
Ensuring that every one of your employees’ mobile devices is secure can be tricky, as employees lose their devices, and can be lax when it comes to security features and compliance. Compound the challenge with team members bringing in their own unsupported devices and you can see why having a blanket cybersecurity system protecting all mobile devices can be challenging.
“In a July report on mobile security, it was noted that mobile devices are generally breached because people lose them or don’t practice good security habits, such as not applying the latest security updates, and not because the device had some kind of inherently weak security,” says the Harvard Business Review (HBR).
How to protect your business from infiltration via mobile devices
Jack Wallen, a Tech Pro Research analyst, has a few recommendations to shore up your overall cybersecurity and fortify your corporate mobile defence:
1. Implement cybersecurity training for your employees and top management on strategies to keep their devices safe, and how to protect corporate data. Include those in the C-suite, as they have access to more confidential company knowledge. “Keep in mind, that employees who are traveling internationally can also become an easy target without proper cybersecurity training,” says HBR.
2. You’ll need to invest in digital systems that encrypt information, protect your networks and potential corruption points such as Internet-of-Things sensors, point of sale terminals, and mobile devices.
3. Implement a good security strategy that includes auditing your networks regularly, re-tooling and updating your security policies as technology evolves, and migrating systems that can be off-site to a secure provider. “These strategies need to incorporate mobile risks from devices in the workplace, such as smartphones, and soon to be wearables,” according to HBR.
4. Hire a digital forensic specialist to ensure the safety of your network. “Forty-one percent of companies with more than 1 000 employees have a digital forensic expert on staff,” according to HBR. These experts will assist you to investigate security issues on all fronts and implement strategies to prevent infiltration.
What your staff can do to keep your network protected
Kaspersky and TechRepublic have the following cybersecurity techniques that your staff should incorporate into their everyday lives. They should implement the security features on the mobile devices, such as setting a lock and PIN, and switching on the auto-lock.
Your team can use container technology such as Samsung’s Knox, which adds layers of security to work items, and compartmentalises them away from personal files. If your staff backup their work information to the cloud, less compromising information will reside on the device.
Train your staff not to open spam emails, and to avoid downloads that don’t come from reputable sources such as the Apple App Store, Google Play Store or a company-specific area. Two good habits for your team to practice are keeping their devices close and constantly in view and using two-factor authentication.
Put processes in place so that lost or stolen devices can be remotely wiped, to prevent cybercriminals from infiltrating your network through the mobile device. Train staff to recognise if a WiFi connection is unsecure, and not to use it.
To ensure your organisation’s network is safe, confirm that your staff employ solid security habits with their mobile devices. Offer training and insights into the variety of ways they can keep their files secure.
Keep in mind that just because your staff are senior in the business, it does not mean they are tech-savvy. Offer training and refresher courses to keep your people up to date, to ensure they aren’t the cause of a breach to your system.
Most importantly, make your employees aware of all the security applications and strategies they should be using to prevent their devices being used to infiltrate your network. Hold your people accountable if there is a breach due to negligence.
· Implement procedures and protocols so that everyone knows how to prevent your network from being breached, and what to do if there has been a breach.
· Train your employees extensively, so that they know everything about preventing a cyberattack through their mobile device.
· Be aware that wearable devices can also be infiltrated and used to corrupt your system.
· Have experienced digital employees to ensure that the company’s day-to-day and month-to-month operations are protected.